save a bunch of shit

jaybutera · Aug 21, 2023 · ae3da28 · ae3da28
1 parent 17bc022
commit ae3da28
Show file tree

Hide file tree

Showing 11 changed files with 287 additions and 11 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,3 +23,5 @@ rexiv2 = "0.10.0"
 rand = "0.8.5"
 rand_core = "0.6.3"
 ed25519-dalek = { version = "2.0.0", features = ["rand_core"] }
+base64 = "0.21.2"
+sha3 = "0.10.8"
diff --git a/src/main.rs b/src/main.rs
@@ -20,7 +20,6 @@ use smol::io::{AsyncRead, AsyncReadExt, BufReader};
 use smol::stream::StreamExt;
 use sha3::Digest;
 use rand_core;
-//use async_channel::{TryRecvError};
 
 use crate::migrations::generate_thumbnails;
 use crate::utils::{
@@ -85,6 +84,7 @@ async fn main_async() -> tide::Result<()> {
  };
 
  let mut app = tide::with_state(state);
+ use tide::http::cookies::SameSite;
  let cors = CorsMiddleware::new()
  .allow_methods("GET, POST, OPTIONS".parse::<HeaderValue>().unwrap())
  //.allow_origin(Origin::from("*"))
@@ -94,7 +94,8 @@ async fn main_async() -> tide::Result<()> {
  tide::sessions::MemoryStore::new(),
  &"sessionasdfsdfsdfsdfsdfsdfsdfsdfsdfsdfsdf".to_string().into_bytes(),
  //args.session_key.as_bytes(),
- );
+ )
+ .with_same_site_policy(SameSite::Lax);
  app.with(sessions);
  app.with(cors);
 
@@ -134,6 +135,11 @@ async fn generate_challenge(mut req: Request<ServerState>) -> tide::Result {
 
  // Store the challenge in the session
  req.session_mut().insert("challenge", challenge.to_vec())?;
+
+ // Get the sid from the session
+ let sid = req.session().id();
+ log::info!("Session ID: {}", sid);
+
  let challenge = base64::encode(challenge);
 
  let res = Response::builder(200)
@@ -149,6 +155,9 @@ async fn authenticate(mut req: Request<ServerState>) -> tide::Result {
  let pubkey: [u8; 32] = payload.public_key[..].try_into()?;
  let public_key = VerifyingKey::from_bytes(&pubkey)?;
 
+ let sid = req.session().id();
+ log::info!("Session ID: {}", sid);
+
  // Check if the challenge in the session matches the provided challenge
  let stored_challenge = req.session().get::<Vec<u8>>("challenge")
  .ok_or(to_badreq(anyhow!("No challenge found in session!")))?;
@@ -223,6 +232,8 @@ async fn get_image_full(req: Request<ServerState>) -> tide::Result {
 }
 
 async fn get_image_thumbnail(req: Request<ServerState>) -> tide::Result {
+ let sid = req.session().id();
+ log::info!("Session ID: {}", sid);
  let name = req.param("name")?;
  let mut path = req.state().args.root_dir.clone();
  // Use the thumbnail

diff --git a/ui/package-lock.json b/ui/package-lock.json
diff --git a/ui/package.json b/ui/package.json
@@ -20,6 +20,11 @@
  },
  "type": "module",
  "dependencies": {
- "bootstrap": "^5.3.0"
+ "@noble/ed25519": "^2.0.0",
+ "bootstrap": "^5.3.0",
+ "buffer": "^6.0.3",
+ "noble-ed25519": "^1.2.6",
+ "tweetnacl": "^1.0.3",
+ "tweetnacl-ts": "^1.0.3"
  }
 }
diff --git a/ui/src/components/ErrorMessage.svelte b/ui/src/components/ErrorMessage.svelte
@@ -0,0 +1,22 @@
+<script>
+ import { onMount } from 'svelte';
+
+ let messages = [];
+
+ onMount(() => {
+ const handler = (e) => {
+ messages.push(e.detail);
+ };
+
+ document.addEventListener('app-error', handler);
+ return () => {
+ document.removeEventListener('app-error', handler);
+ };
+ });
+</script>
+
+{#each messages as message (message.id)}
+ <div class="error">
+ {message.text}
+ </div>
+{/each}
diff --git a/ui/src/lib/img.ts b/ui/src/lib/img.ts
@@ -1,12 +1,59 @@
+import { sign } from 'tweetnacl';
+import { Buffer } from 'buffer';
+import * as ed from '@noble/ed25519';
+//import * as nacl from 'tweetnacl';
 // Img server address
-//export const img_server: string = "http://127.0.0.1:2342";
-export const img_server: string = "https://img.smdhi.xyz:8080";
+export const img_server: string = "http://127.0.0.1:2342";
+//export const img_server: string = "https://img.smdhi.xyz:8080";
 
 interface Index {
  name: string;
  topics: string[];
 }
 
+export async function authenticate(challenge: Uint8Array): Promise<void> { 
+ let private_key = localStorage.getItem('private_key');
+ const decoded = Buffer.from(private_key, 'base64');
+ // Convert private key to Uint8Array
+ //let keypair = sign.keyPair.fromSecretKey(decoded);
+ const pubKey = await ed.getPublicKeyAsync(decoded);
+ const sig = await ed.signAsync(challenge, decoded);
+ /*
+ let sig = sign(challenge, keypair.secretKey);
+ console.log(JSON.stringify({
+ signature: [...sig],
+ public_key: [...keypair.publicKey],
+ }));
+ */
+
+ const response = await fetch(`${img_server}/authenticate`, {
+ method: 'POST',
+ credentials: 'include',
+ body: JSON.stringify({
+ signature: [...sig],
+ public_key: [...pubKey],
+ }),
+ });
+
+ if (!response.ok) {
+ throw new Error(`Error authenticating: ${response.status}`);
+ }
+}
+
+export async function get_challenge(): Promise<Uint8Array> {
+ const response = await fetch(`${img_server}/generate-challenge`, {
+ credentials: 'include',
+ });
+
+ if (!response.ok) {
+ throw new Error(`Error getting challenge: ${response.status}`);
+ }
+ let encoded = await response.json();
+ console.log(encoded);
+ const decoded = Buffer.from(encoded, 'base64');
+ return decoded;
+}
+
 export async function generate_key(): Promise<Uint8Array> {
  let response = await fetch(`${img_server}/generate-key`);
  return response;